[arch-general] Any way to decrypt hashes set by ssh HashKnownHosts?
Thomas Bächler
thomas at archlinux.org
Wed May 21 12:05:59 EDT 2008
eliott schrieb:
> Just because you can't see it doesn't mean it doesn't exist.
> unhashed known_hosts *is* more unsecure.
>
> If someone gets access to your account, they would get
> a) your key
> b) a list of hosts that the key is valid for
>
> hey! great!
>
> Compound this with the fact that many people use keys without a
> passphrase (a bad practice), someone can 'harvest' known_host data,
> and worm out to other hosts.. here is the kicker ... in a way that is
> easily automated.
The point is, without any notice, we provided a different configuration
file than the upstream configuration file. That's not how we do it, we
always provide the upstream configuration file.
If someone thinks that having unhashed known_hosts is a security problem,
then he/she can change this configuration option on his/her system, that
is how Arch works. But now that hashed known_hosts silently became the
default, I cannot revert back.
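For reference on what the thread is arguing about, here is an added example (not code from the thread or from OpenSSH) of the hashed known_hosts host field: `|1|salt|HMAC-SHA1(salt, hostname)`, both base64-encoded, so a client can confirm a name it already knows but the file no longer lists which hosts a key was used for. The sample known_hosts lines, the hostname and the fixed salt are constructed for the example.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"   # marker OpenSSH puts in front of a hashed host field
SALT_LEN = 20        # OpenSSH uses a salt the size of a SHA-1 digest


def hash_hostname(hostname, salt=None):
    """Build the hashed host field written when HashKnownHosts is on."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    mac = hmac.new(salt, hostname.lower().encode(), hashlib.sha1).digest()
    return "{}{}|{}".format(HASH_MAGIC,
                            base64.b64encode(salt).decode(),
                            base64.b64encode(mac).decode())


def host_field_matches(field, hostname):
    """Does the host field of a known_hosts line (hashed or plain) cover hostname?"""
    hostname = hostname.lower()   # ssh lowercases the name before the lookup
    if field.startswith(HASH_MAGIC):
        try:
            _, _, salt_b64, mac_b64 = field.split("|", 3)
            salt = base64.b64decode(salt_b64, validate=True)
            expected = base64.b64decode(mac_b64, validate=True)
        except ValueError:        # malformed entry: never match, never crash
            return False
        actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    # Plain field: comma-separated names/addresses; a non-standard port is
    # written as [host]:port in both forms (wildcards not handled here).
    return hostname in field.lower().split(",")


def entries_for_host(known_hosts_text, hostname):
    """Return (host_field, key_type, key) for every line that applies to hostname."""
    found = []
    for line in known_hosts_text.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) < 3 or parts[0].startswith("#"):
            continue              # blank, comment or no key material
        if host_field_matches(parts[0], hostname):
            found.append(tuple(parts))
    return found


# Constructed sample: the same host once plain, once hashed (fixed salt so
# the output is reproducible; real entries get a random salt per line).
FIXED_SALT = b"\x01" * SALT_LEN
KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY"   # placeholder key
SAMPLE_KNOWN_HOSTS = "build.example.org {}\n{} {}\n".format(
    KEY, hash_hostname("build.example.org", FIXED_SALT), KEY)
```

Running `entries_for_host(SAMPLE_KNOWN_HOSTS, "build.example.org")` finds both lines, while the hashed line on its own reveals neither the hostname nor anything to compare against without guessing names first.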